Supervalu Says Hackers May Have Stolen U.S. Customers' Data

Supervalu Inc. said customers' payment-card details may have been stolen as the U.S. grocery chain with more than 3,300 stores became the latest to fall victim to hackers.

The data may have been stolen from cards used in Supervalu stores from June 22 to July 17 following a network intrusion, the Eden Prairie, Minnesota-based company said in a statement today. Payment companies have been notified and law-enforcement agencies are investigating, it said.

Supervalu joins a lengthening list of companies whose systems have been compromised. Minneapolis-based retailer Target Corp. was victim of a breach last year that allowed hackers to gain access to payment data for 40 million customers' cards. Hackers in Russia have amassed 1.2 billion sets of looted user names and passwords, the largest known cache of stolen personal information, U.S. company Hold Security LLC said this month.

Cybercrime costs as much as $575 billion a year and remains a growth industry with attacks on banks, retailers and energy companies that will worsen, according to a June report by the Washington-based Center for Strategic and International Studies and sponsored by network security company McAfee Inc.

"We have had no evidence of any misuse of any customer data," Supervalu Chief Executive Officer Sam Duncan said in today's statement. "I regret any inconvenience that this may cause our customers, but want to assure them that it is safe to shop in our stores."

Such breaches threaten to drive customers away and can also be dangerous for company executives.

Target's board ousted CEO Gregg Steinhafel in the wake of the data theft last year. The retailer's reputation and store visitor numbers were hurt after the attack became public in December, while its U.S. comparable-store sales fell 2.5 percent in the fourth quarter. Target said earlier this year that it would spend $100 million to accelerate the rollout of cards with better security technology.

Luxury retailer Neiman Marcus Group Ltd. and LivingSocial Inc., the daily coupon website based in Washington, were also hit by cyber-attacks in 2013.

While some of the highest-profile victims of hacking have been U.S. companies, the problem is global. Orange SA, France's largest phone company, said in May that 1.3 million people had personal information stolen because of a breach in a technical platform, the second attack on the company this year.

For reprint and licensing requests for this article, click here.
Consumer banking
MORE FROM AMERICAN BANKER